Message-ID: <00fe01c81d7d$d6aa9480$4101a8c0@DAVID>
Date: Fri, 2 Nov 2007 18:25:58 -0000
From: "David Harley" <david.a.harley@...il.com>
To: "'Roger A. Grimes'" <roger@...neretcs.com>,
"'Alex Eckelberry'" <AlexE@...belt-software.com>,
"'Thor \(Hammer of God\)'" <thor@...merofgod.com>,
"'Gadi Evron'" <ge@...uxbox.org>, <full-disclosure@...ts.grok.org.uk>,
<bugtraq@...urityfocus.com>
Subject: Re: mac trojan in-the-wild
> Actually, on that same note, I recently did an analysis of
> the last three years of published Windows vulnerabilities.
Thanks, Roger. That's a really useful, apposite and timely item.
--
David Harley
AVIEN Interim Administrator: http://www.avien.org
http://www.smallblue-greenworld.co.uk
> 86% required local end-user interaction (i.e. social
> engineering) to be pulled off.
> http://www.infoworld.com/article/07/10/19/42OPsecadvise-insider-threats_1.html
>
> I didn't analyze Linux or BSD threats, but my gut feeling
> puts them at the same level or even higher.
>
> With 86% or more of the past threats requiring social
> engineering to pull off, we can safely say the "future" you
> state below is here now.
>
> Now, what is interesting is that any exploit requiring social
> engineering to work has so far been less of a problem than
> the vast majority of "remote buffer overflow" exploits like
> the Blaster and SQL worms. Social engineering-required
> malware still works, and works well, but not with the same
> success of remote buffer overflow malware. There is very
> little we in the security space can point to as a
> success...but the overall decrease in remote buffer overflows
> is one. Unfortunately, the social engineering malware is
> getting better day-by-day. We can no longer count on
> mispellings (sic) and bad grammar to be malware indicators.
> Our users, regardless of the OS, are ready as ever to click
> on interesting content, malicious or not. We've got to design
> our defenses to pay more attention to client-side attacks,
> but it is the weak point now, not in the future.
>
> Roger
>
> *****************************************************************
> *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP,
> CISA, MCSE: Security (2000/2003), CEH, yada...yada...
> *email: roger_grimes@...oworld.com or roger@...neretcs.com
> *Author of Windows Vista Security: Securing Vista Against
> Malicious Attacks (Wiley)
> *http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
> *****************************************************************
>
>
> -----Original Message-----
> From: Alex Eckelberry [mailto:AlexE@...belt-software.com]
> Sent: Thursday, November 01, 2007 5:49 PM
> To: Thor (Hammer of God); Gadi Evron; bugtraq@...urityfocus.com;
> full-disclosure@...ts.grok.org.uk
> Subject: RE: mac trojan in-the-wild
>
> The future of malware is going to be largely through social
> engineering. Does that mean we ignore every threat that comes
> out because it requires user interaction? Seems like whistling
> past the graveyard to me.
>
> Alex
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/